Metadata-Version: 2.0
Name: drf-jwt-knox
Version: 0.1.0.dev1
Summary: JSON Web Tokens with a Knox-powered database backend
Home-page: https://github.com/ssaavedra/drf-jwt-knox
Author: Santiago Saavedra
Author-email: ssaavedra@gpul.org
License: Apache2
Platform: UNKNOWN
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Web Environment
Classifier: Framework :: Django
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 2
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Internet :: WWW/HTTP :: Session
Requires-Dist: PyJWT (~=1.4)
Requires-Dist: django-rest-knox (~=2.2)
Requires-Dist: djangorestframework (~=3.4)
Requires-Dist: six (~=1.10)
Provides-Extra: dev
Requires-Dist: pypandoc (~=1.2); extra == 'dev'
Provides-Extra: test
Requires-Dist: coverage (~=4.2); extra == 'test'
Requires-Dist: pytest (~=3.0.2); extra == 'test'
Requires-Dist: tox (~=2.3); extra == 'test'

DRF JWT + Knox
==============

|Build Status| |codecov| |Requirements Status|

This package provides an authentication mechanism for Django REST
Framework based on `JSON Web
Tokens <https://github.com/jpadilla/pyjwt>`__ in the browser backed up
by `Knox <https://github.com/James1345/django-rest-knox>`__-powered
tokens in the database.

This package aims to take the best of both worlds, including:

-  Expirable tokens: The tokens may be manually expired in the database,
   so a user can log out of all other logged-in places, or everywhere.
-  Different tokens per login attempt (per user-agent), meaning that a
   user's session is tied to the specific machine and logging can be
   segregated per usage.
-  JWT-based tokens, so the token can have an embedded expiration time,
   and further metadata for other applications.
-  Tokens are generated via OpenSSL so that they are cryptographically
   more secure.
-  Only the tokens' hashes are stored in the database, so that even if
   the database gets dumped, an attacker cannot impersonate people
   through existing credentials.
-  Other applications sharing the JWT private key can also verify and
   decode the JWT.
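
The layering described in the list above, as an added example that is not this package's own code: a signed JWT carries a random token, the server keeps only that token's hash, and deleting the hash revokes a JWT that has not yet expired. It assumes HS256 with a shared secret and SHA-512 hashing; the in-memory set stands in for the Knox table, and every name here (``issue``, ``verify``, ``revoke``, ``TOKEN_HASHES``) is hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = b"constructed-demo-signing-key"  # assumption: HS256 shared secret
TOKEN_HASHES = set()                       # stands in for the database table

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    # The algorithm is pinned here; the header's "alg" is never consulted.
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def _digest(raw):
    return hashlib.sha512(raw.encode()).hexdigest()

def issue(user, ttl=3600, now=None):
    """Log in: create a random token, store only its hash, wrap it in a JWT."""
    raw = secrets.token_hex(32)
    TOKEN_HASHES.add(_digest(raw))
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "jti": raw, "exp": now + ttl}
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_sign(head + '.' + body)}"

def verify(token, now=None):
    """Return the claims if signature, expiry and database entry all check out."""
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(head + "." + body)):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    now = int(time.time()) if now is None else now
    if claims.get("exp", 0) <= now:
        return None
    return claims if _digest(str(claims.get("jti"))) in TOKEN_HASHES else None

def revoke(token):
    """Log out: drop the stored hash so the still-unexpired JWT stops working."""
    claims = verify(token)
    if claims:
        TOKEN_HASHES.discard(_digest(claims["jti"]))
    return claims is not None
```

A dump of ``TOKEN_HASHES`` yields only digests, so it cannot be used to rebuild a JWT that ``verify`` accepts without also holding the signing key and the raw token.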

Usage
=====

Add this application **and knox** to ``INSTALLED_APPS`` in your
``settings.py``.

Then, include this app's routes in your ``urlpatterns``.

You can use the ``verify`` endpoint to verify whether a token is valid
or not (which may be useful in a microservice architecture).

Tests
=====

Tests are automated with ``tox`` and run on Travis-CI automatically. You
can check the status in Travis, or just run ``tox`` from the command
line.

Contributing
============

This project uses the GitHub Flow approach for contributing, meaning
that we would really appreciate it if you would send patches as Pull
Requests in GitHub. If for any reason you prefer to send patches by
email, they are also welcome and will end up being integrated here.

License
=======

This code is released under the Apache Software License Version 2.0.

.. |Build Status| image:: https://travis-ci.org/ssaavedra/drf-jwt-knox.svg?branch=master
   :target: https://travis-ci.org/ssaavedra/drf-jwt-knox
.. |codecov| image:: https://codecov.io/gh/ssaavedra/drf-jwt-knox/branch/master/graph/badge.svg
   :target: https://codecov.io/gh/ssaavedra/drf-jwt-knox
.. |Requirements Status| image:: https://requires.io/github/ssaavedra/drf-jwt-knox/requirements.svg?branch=master
   :target: https://requires.io/github/ssaavedra/drf-jwt-knox/requirements/?branch=master


